75c6123396812f929494bee362227094

General

Target

75c6123396812f929494bee362227094
Size

64KB
MD5

75c6123396812f929494bee362227094
SHA1

1db26677002ef64d87edf78a9c94ccc9c91a2e25
SHA256

958543ff66a0676f1a58f424dd675876f7bd524c3d5ed894f06ef8f7a8972a2c
SHA512

f0a86c7a7cb241c9f3c7e6bc69345c90ee3627b094acca2a122cef87d866912b3c23764cf2bf35d9a149dfbcbb446f60b4b1fbb6e9a9127f84fd8d4cd5564574
SSDEEP

768:0CBq5Q/P6t9OvtSpH4d68zHBfGlvtppssL4Q+:DBq5Q/St9OU4hIjpk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75c6123396812f929494bee362227094

Files

75c6123396812f929494bee362227094
.dll windows:4 windows x86 arch:x86

73166bbc9d564d2b8d16e7473c929c1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
Sleep
ReleaseMutex
ReadProcessMemory
OpenProcess
LoadLibraryA
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
GetLastError
GetCurrentProcess
GetComputerNameA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
CreateThread
CreateMutexA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
GetWindowTextA
GetWindow
GetMessageA
GetForegroundWindow
GetClassNameA
FindWindowExA
FindWindowA
CallNextHookEx
GetKeyboardType
MessageBoxA
CharNextA

wsock32

WSACleanup
WSAStartup
gethostbyname
socket
send
recv
htons
connect
closesocket

Exports

Exports

StartHook
StopHook

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73166bbc9d564d2b8d16e7473c929c1f

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wsock32

Exports

Exports

Sections

UPX0 Size: 60KB - Virtual size: 60KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB